
      Overview

      Our Governance, Risk and Compliance (GRC) service is an integrated framework that unifies governance, risk, compliance and assurance functions to achieve a consistent and holistic vision across the organization.

      The starting point of the GRC Holistic Model is the company strategy regarding the governance, risk, compliance, control and assurance functions. As a result, the business model for GRC activities should be determined in accordance with the company business model. GRC’s contribution to the organization’s success in terms of compliance and performance should be determined.

      Establishing an Internal Audit Function (EIAF)

      1. Establish Governance Framework   
        • Audit Committee charter
        • Internal Audit Charter
        • Organizational status of Internal Audit
      2. Develop Operational Guidance    
        • Internal Audit Organization Chart
        • Internal Audit Operations Manual
        • Standard Internal Audit Working Paper Templates            
      3. Establish Executive/Board Reporting  
        • Internal Audit Reporting Matrix
        • Internal Audit Reporting Templates
      4. Perform Enterprise Risk Assessment   
        • Risk Ranking Criteria
        • Enterprise Risk Matrix
        • Completed Risk Assessment
      5. Internal Audit Plan Development & follow up  
        • Risk-Based Internal Audit Plan
        • Assign Internal Audit Resources

      Internal Audit Strategic Sourcing (IASS)

      Our innovative methodology is globally developed and locally deployed. It incorporates the latest Internal Audit trends. Our risk-based methodology directs our efforts not only to the traditional support service focus areas, but also to the key operational business processes.

      Quality Assessment Review (QAR)

      Our methodology is supported by a conceptual framework that identifies three focus areas and related “driving principles” drawn from KPMG’s knowledge and experience with Internal Audit functions. The three main components are: Positioning, People and Process. Our methodology was established to address the needs of clients regardless of the size or location.

      Internal Control Review (ICR) in line with COSO Internal Control Integrated Framework

      Objectives of COSO framework

      COSO’s Framework defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

      The KPMG team works with a globally applied methodology to evaluate the internal controls, processes, policies and related procedures in line with the COSO Internal Control Integrated Framework 2013 on two different levels, as follows:

      • Evaluate the Entity-Level Controls (ELCs).
      • Evaluate the Process-Level Controls (PLCs).

      Board Advisory Services (BAS)

      Board Advisory Services helps board members do their job more effectively by providing a repository of reference materials and sample documents from leading practices, as well as guidelines and evaluation tools.

      Expectations upon boards are increasing globally, as organizations become more mature and/or seek access to capital markets. In many countries directors are expected to contribute more actively to business strategy and understand emerging risks impacting their company and, more generally, their industry. They must also scrutinize their company’s internal control environment more closely and engage stakeholders better.

      Enterprise Risk Management (ERM)

      KPMG’s approach to Enterprise Risk Management (ERM) is a practical, simple and global approach. It divides the approach into two pieces – Content and Process into a Company’s business model, objectives and culture). Our methodology for ERM projects relies on a Top-Down approach.

      Compliance Program Services (CPS)

      KPMG’s Compliance Program Framework has been refined through numerous advisory engagements and is continuously calibrated against applicable regulatory expectations, requirements, and guidance, as well as industry standards.